DETAILED ACTION

Priority 

1. Acknowledgment is made of applicant's claim for foreign priority based on an application
filed in Israel on 28 May 2000. It is noted, however, that applicant has not filed a certified copy
of the 136414 application as required by 35 U.S.C. 119(b).

2. Acknowledgment is made of applicant's claim for foreign priority based on an application 
filed in Canada on 19 June 2003. It is noted, however, that applicant has not filed a certified 
copy of the 2431581 application as required by 35 U.S.C. 119(b).

3. Applicant's claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or
under 35 U.S.C. 120, 121, or 365(c) is acknowledged. Applicant has not complied with one or
more conditions for receiving the benefit of an earlier filing date under 35 U.S.C. 119(e) as
follows: 

4. The later-filed application must be an application for a patent for an invention which is 
also disclosed in the prior application (the parent or original nonprovisional application or
provisional application). The disclosure of the invention in the parent application and in the later- 
filed application must be sufficient to comply with the requirements of the first paragraph of 35 
U.S.C. 112. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32
USPQ2d 1077 (Fed. Cir. 1994). 

5. The disclosure of the prior-filed application, Application No. 60/209,593 ('593), fails to 
provide adequate support or enablement in the manner provided by the first paragraph of 35 
U.S.C. 112 for one or more claims of this application. The '593 application does not provide
support for a security system running at a lower privilege level than the operation system.

Election/Restrictions

6. Applicant's election without traverse of Group I in the reply filed on 18 July 2008 is
acknowledged. 

Claim Rejections - 35 USC § 112 

7. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

8. Claims 20, 43, 86-87 are rejected under 35 U.S.C. 112, second paragraph, as being
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

9. Claim 20 recites the limitation "the user" in line 2. There is insufficient antecedent basis 
for this limitation in the claim. 

10. Claim 20 recites the limitation "the application" in line 2. There is insufficient antecedent 
basis for this limitation in the claim. 

11. Claim 43 recites the limitation "said activation" in line 3. There is insufficient antecedent
basis for this limitation in the claim. 

12. Claim 86 recites the limitation "said copy-on-write" in line 1. There is insufficient 
antecedent basis for this limitation in the claim. 

13. Claim 87 recites the limitation "at least in one or more cases" in lines 1-2. There is
insufficient antecedent basis for this limitation in the claim. 

Claim Rejections - 35 USC § 103 

14. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

15. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 
(1966), that are applied for establishing a background for determining obviousness under 35 
U.S.C. 103(a) are summarized as follows: 

1. Determining the scope and contents of the prior art.

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness 
or nonobviousness. 

16. Claims 1-5, 9-12, 15, 30, 33, 41-43, 63, 87, 94 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Gaul, U.S. Publication No. 2001/0034847, in view of Kardach, U.S. 
2002/0143845. Referring to claims 1, 9, 33, 41, 63, 87, 94, Gaul discloses a remote security 
checking facility wherein a user at a terminal (Figure 1, 36) is authenticated to use a network
security vulnerability testing application (Figure 1, 41), which meets the limitation of a control
system and/or security system, the security system can identify strategic files and strategic 
directories using predefined rules. Gaul does not disclose that the vulnerability testing 
application runs below ring 0 or below the operating system of the terminal. Kardach discloses 
an application that runs below the operating system ([0032]), which meets the limitation of a 
computer system wherein at least one of device drivers and/or an operating system and/or parts 
of it are in ring 0 but there is at least one more privileged area below ring 0. It would have been 
obvious to one of ordinary skill in the art at the time the invention was made for the vulnerability 
testing application of Gaul to run below the operating system of the terminal in order to provide 
real-time alerts when the application discovers a vulnerability as taught by Kardach ([0031]-
[0033]). 

Referring to claims 2, 5, 10, 15, 30, Gaul discloses that the vulnerability testing 
application can test security features like intrusion detection ([0017]), which meets the limitation 
of a monitoring and capturing system, which monitors at least one of storage devices and 
communications devices, a hardware element is used which monitors hardware accesses, so that 
the Security System and/or said hardware element can discover events where access has been 
made to at least one of storage devices and communication devices without an apparent 
corresponding event on the system level, any attempt to automatically generate an outgoing 
communication need explicit permission by the user, the security system automatically blocks 
potentially highly dangerous activities or asks the user for explicit authorization, even if the user 
supposedly allowed this to an application through the dialog box. 

Referring to claims 3, 4, 11, 12, Gaul discloses that once security penetration testing
completes, a recommendation report revealing the results is automatically delivered to the client 
([0114]), which meets the limitation of said user interface at least also warns the user explicitly 
in cases of potentially highly dangerous activities, interception of more explicit warning of the 
user about potentially highly dangerous activities. 

Referring to claims 42-43, Gaul discloses a remote security checking facility wherein a 
user at a terminal (Figure 1, 36) is authenticated to use a network security vulnerability testing 
application (Figure 1, 41), which meets the limitation of at least one part of the security system
becomes active even if the computer is booted from at least one of a floppy drive, CD, network 
drive, and any other source that is not the normal boot area, said activation is done by at least one
of the BIOS and the processor itself before the normal boot sequence begins.

17. Claims 19-20, 45-46, 51, 58, 60-61, 64, 67, 68, 70-75, 77-83, 86, 88-93 are rejected under
35 U.S.C. 103(a) as being unpatentable over Gaul, U.S. Publication No. 2001/0034847, in view 
of Kardach, U.S. 2002/0143845, and further in view of Nachenberg, U.S. Patent No. 6,357,008. 
Referring to claims 19-20, 45, 51, 58, 60-61, 67, 70-75, 77-83, 86, 88-93, Gaul does not disclose 
creating a virtual environment for programs. Nachenberg discloses creating a virtual 
environment for programs running on the computer terminal (Col. 3, line 62 - Col. 4, line 5), 
which meets the limitation of by default at least for some programs each program can only see 
itself and the operating system and the computer resources that it is allowed to see, so that it lives 
in a Virtual Environment (VE), the Security System identifies if the application initiated at least 
one of accessing a file outside the virtual environment of the program, and at least one potential 
security-risk command which is at least partially related the disk or other non-volatile storage 
device, and so can allow more flexibility and/or less limitations and/or no limitations if the 
command was initiated directly by the user than if it was initiated by the application, if an 
application launches another application, the newly launched application is limited to the VE of 
the launching application, programs are allowed to send OS messages only to programs which 
are running within their own Virtual Environments, the security system prevents running 
processes from changing their code in memory, the security system also prevents applications 
from accessing directly lower level functions that can access hard disks and/or other devices 
except by calling them through the normal kernel interface, even if the user requested installation 
without VE limitation, the new program is first installed in a separate VE, and only after a 
certain time period or after the user authorizes it (and/or for example after the security system
checks various parameters to see that things seem ok), the VE limitations are lifted or this VE is 
merged with the unlimited VE, at least in one mode and for at least some of the files and/or 
directories there is an indication near the file and/or directory if it is a real file or a virtual file 
and/or the user and/or the administrator can see by clicking on the file and/or by the color of the 
file name or icon and/or by other indication, to which virtual environment it belongs, the security 
system filters or controls the communication between the two objects, segregation between 
programs and/or between virtual environments that is applied to at least one of hard disks and 
other storage media and/or other resources, wherein there are resources that are shared between 
virtual environments so that programs that are in a virtual environment are given the illusion that 
they are accessing said shared resources, but in reality if these programs make changes not 
explicitly allowed by the user in said shared resources, copy-on-write is used and/or said 
programs are redirected to another area so that said changes are only made in the virtual
environment, at least for one or more shared resources and/or one or more programs and/or in 
one or more conditions if a program makes a change or changes in a shared resource, copy-on- 
write is used and/or said program is redirected to another area so that said changes are only make 
in the virtual environment and/or in said other area to which the program is redirected, the 
system enables the user to interact with an integrated view of the desktop and/or of the file 
system, based on merged views of virtual environments, so that the user can interact with 
programs that are in a virtual environment without having to switch to their virtual environment, 
automatic segregation between programs that is applied to at least one of the hard disks and other 
storage devices wherein files and directories are involved, automatic segregation between 
programs which the user can access, so that the directory structure in which a file is located
automatically affects the access rights of other programs to it, capable of automatic segregation 
of programs into their natural environments so that by default programs are allowed to fully 
access files only within their natural environment, which is mainly the directory in which the 
program is installed and its sub-directories, there are resources that are shared between virtual 
environments so that programs that are in a virtual environment are give the illusion that they are 
accessing said shared resources, but in reality if these programs make changes not explicitly 
allowed by the user in said shared resources, copy-on-write is used and/or said programs are 
redirected to another area so that said changes are only made in the virtual environment,
identifies if the user or an application initiated at least one of accessing a file outside the natural 
environment or virtual environment said application, and at least one potential security-risk 
command which is at least partially related to the hard disk or other non-volatile storage device, 
and so can allow more flexibility and/or less limitations and/or no limitations if the command 
was initiated directly by the user if it was initiated by the application, said copy-on-write and/or 
redirection to another area for making changes is used at least in one or more cases when a 
program does not have sufficient rights to make changes in one or more files or directories or 
other shared resources, the program is automatically first installed in a separate VE even if the 
user did not request to install the program within a virtual environment, and only after a certain
time period or after the user authorizes it, and/or after the security system checks various 
parameters to see that things seem ok, the VE limitations are lifted or this VE is merged with the 
unlimited normal environment, programs can be given the illusion that they have accessed shared 
keys in the registry, while in practice they are redirected each to its individual private file of 
relevant registry keys, said copy-on-write and/or redirection to another area for making changes
is implemented at least when some programs need to install certain files in system directories, 
virtual shared directories are implemented by giving a program a logical view of the shared 
directories or of only some of the files in it, so that if the program is allowed to see the file it sees 
the original copy, but if it changes files in the shared directory, said files will in reality be copied 
into files in the program's individual private area and changed only there. It would have been 
obvious to one of ordinary skill in the art at the time the invention was made for programs in 
Gaul to be implemented in a virtual environment in order to determine whether the program is 
malicious without risking infection as taught by Nachenberg, (Col. 3, line 62 - Col. 4, line 1). 

Referring to claim 46, Gaul does not disclose scanning files for viruses. Nachenberg 
discloses scanning files for viruses (Col. 1, lines 27-38), which meets the limitation of if users 
download many files into a single download directory, the security system at least one of uses 
context sensitive information. It would have been obvious to one of ordinary skill in the art at the 
time the invention was made to scan for viruses in the system of Gaul in order to protect the 
system against infection as taught by Nachenberg (Col. 4, line 66 - Col. 5, line 4). 

Referring to claim 64, Gaul does not disclose creating a virtual environment for 
programs. Nachenberg discloses creating a virtual environment for programs running on the 
computer terminal (Col. 3, line 62 - Col. 4, line 5) and identifying idle-loops in the emulated 
program (Col. 4, lines 25-31), which meets the limitation of automatically detecting by the 
software in the CPU itself entering the CPU into useless loops. It would have been obvious to 
one of ordinary skill in the art at the time the invention was made to scan for viruses in the 
system of Gaul in order to protect the system against infection as taught by Nachenberg (Col. 4,
line 66 - Col. 5, line 4). 

18. Claims 50, 52 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gaul, U.S. 
Publication No. 2001/0034847, in view of Kardach, U.S. 2002/0143845, and further in view of 
Pitt, U.S. Patent No. 5,675,250. Referring to claims 50, 52, Gaul does not disclose replacing at 
least some of the operating system's dialogue boxes. Kardach discloses replacing at least some 
of the operating system's dialogue boxes (Col. 1, lines 43-55), which meets the limitation of the 
security system replaces at least some of the OS functions that deal with the OS message system, 
and attaches to each message an identification that shows if the OS or another application is the 
source of the message, and the security system allows certain messages to be initiated only by 
the OS. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made for the scanning system of Gaul to replace dialogue boxes in order to provide 
customized alert system as taught by Pitt (Col. 1, lines 46-52). 

19. Claim 62 is rejected under 35 U.S.C. 103(a) as being unpatentable over Gaul, U.S. 
Publication No. 2001/0034847, in view of Kardach, U.S. 2002/0143845, and further in view of 
Togawa, U.S. Patent No. 6,240,530. Referring to claim 62, Gaul does not disclose providing 
restoration of a hard disk or other nonvolatile storage devices for changes made over a certain 
period of time. Togawa discloses any changes that happen on at least one of the hard disk and 
other nonvolatile storage devices and other connected media are completely undo-able at least 
for a certain time period, by keeping a rollback log of all changes or of all significant changes 
(Col. 17, lines 23-30). It would have been obvious to one of ordinary skill in the art at the time
the invention was made for the system of Gaul to provide restoration of data in order to prevent
destruction of data by viruses as taught by Togawa (Col. 17, lines 28-30).

Application/Control Number: 10/644,841

Art Unit: 2432

20. Claim 66 is rejected under 35 U.S.C. 103(a) as being unpatentable over Gaul, U.S. 
Publication No. 2001/0034847, in view of Kardach, U.S. 2002/0143845, and further in view of 
Moy, U.S. Patent No. 5,425,102. Referring to claim 66, Gaul does not disclose password 
protecting files. Moy discloses password protecting files (Abstract), which meets the limitation 
of the hardware of the CPU and/or the hardware of the disk itself does not allow any access to a 
file unless the software that tries to access it is identified as its rightful owner, by at least one of 
provided the appropriate password, and other means. It would have been obvious to one of 
ordinary skill in the art at the time the invention was made for the system of Gaul to provide 
password protection for files in order to provide access control security for data files as taught by 
Moy (Col. 1, line 20 - Col. 2, line 8). 

21. Claim 69 is rejected under 35 U.S.C. 103(a) as being unpatentable over Gaul, U.S.
Publication No. 2001/0034847, in view of Kardach, U.S. 2002/0143845, and further in view of 
Luke, U.S. Patent No. 6,813,712. Referring to claim 69, Gaul does not disclose that the system 
monitors for unusual disk activity. However, it would have been obvious to one of ordinary skill 
in the art at the time the invention was made for the system of Gaul to monitor for unusual disk 
activity because excessive hard drive activity is a symptom of virus infection as taught by Luke 
(Col. 4, lines 15-20). 

22. Claims 76, 84 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gaul, U.S. 
Publication No. 2001/0034847, in view of Kardach, U.S. 2002/0143845, and further in view of 
Angelo, U.S. Patent No. 5,944,821. Referring to claims 76, 84, Gaul does not disclose preventing
programs for unauthorized trapping of the keyboard device in order to catch keystrokes of other
programs, in order to prevent theft of data from the user's hard disk or other non-volatile storage 
device. Angelo discloses a system that prevents programs from unauthorized trapping of the 
keyboard device in order to catch keystrokes of other programs, in order to prevent theft of data 
from the user's hard disk or other non-volatile storage device (Col. 11, lines 30-44). It would 
have been obvious to one of ordinary skill in the art at the time the invention was made for the 
system of Gaul to prevent trapping of keystrokes in order to prevent user-entered data from being 
surreptitiously obtained as taught by Angelo (Col. 11, lines 35-38). 

23. Claim 85 is rejected under 35 U.S.C. 103(a) as being unpatentable over Gaul, U.S.
Publication No. 2001/0034847, in view of Kardach, U.S. 2002/0143845, in view of Nachenberg, 
U.S. Patent No. 6,357,008, and further in view of Calder, U.S. Publication No. 2002/0065869. 
Referring to claim 85, Nachenberg does not disclose that the virtual environment includes an 
illusion of the root of a drive. Calder discloses that a virtual environment includes an illusion of 
the root of a drive ([0135]), which meets the limitation of at least one program is given the 
illusion that it installed itself on the root of a drive, but in fact it is installed in a lower directory. 
It would have been obvious to one of ordinary skill in the art at the time the invention was made 
for the virtual environment of Nachenberg to include an illusion of the root of a drive in order to
provide the emulated program with the expected directory structure as taught by Calder ([0239]).

Conclusion

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to BENJAMIN E. LANIER whose telephone number is (571)272- 
3805. The examiner can normally be reached on M-Th 6:00am-4:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Benjamin E Lanier/ 

Primary Examiner, Art Unit 2432 



